0

What are the practices in 2015 in the companies you work in to provide the highest security level when designing a REST API / web service?

Please answer taking into account Identity Management.

For example - do you still use hashes for passwords in your databases? I am sure many of you work in companies where the security level is of a great importance. I would be extremely grateful if you could share your current experience.

If it matters, we would like to use .NET 5 with their newest Web Api.

EDIT Opinion based? I am asking for what people use to secure their services nowadays, there is nothing to be opinion based.

ebvtrnog
  • 4,167
  • 4
  • 31
  • 59

1 Answers1

2

It's best to avoid doing your own identity management all together. For applications used within your company, use your Active Directory (ADFS) or cloud based directory (Azure AD).

For all other (internet) applications, use a social identity provider like Facebook, Google or Twitter.

Your users don't need another username and password to remember and you don't need the headaches of storing passwords and doing password resets.

MvdD
  • 22,082
  • 8
  • 65
  • 93
  • "I think" = your opinion. – spender May 27 '15 at 15:34
  • 2
    @spender I removed 'I think'. Is it a fact now? ;) – MvdD May 27 '15 at 15:39
  • 1
    It's still really an opinion. What about the users [who don't want to use social logins](http://meta.stackoverflow.com/questions/295139/i-deleted-the-facebook-account-connected-to-my-stack-overflow-account-are-there?cb=1)? – spender May 27 '15 at 17:20